[strongSwan] Strongswan not sending encryption algorithm
lakshmi.1147 at gmail.com
Fri Aug 5 10:41:28 CEST 2016
Thank you for the reply Andreas.
Can you please validate my understanding?
On Fri, Aug 5, 2016 at 1:49 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> Hi Lakshmi,
> The old IKEv1 protocol does not support AES-GCM for IKE since
> IANA hasn't assigned any encryption transform numbers:
> AES-GCM can be used for IKE protection with IKEv2, only:
> Anyway, you profit from the speed advantage of AES-GCM mainly
> with ESP because many payload packets must be processed.
> AES-GCM for ESP can be negotiated both via IKEv1 and IKEv2.
> On 08/05/2016 08:42 AM, Lakshmi Prasanna wrote:
> > Hi Team,
> > I am trying to use AES-GCM with IKEV1 and see that strongswan does not
> > send the encryption algorithm.
> > Is there any plugin or knob to enable the same?
> > Logs:
> > --------
> > received proposals: IKE:HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> > configured
> > proposals:IKE:AES_GCM_16_128/HMAC_SHA2_256_128/PRF_HMAC_
> > Thanks and Regards,
> > Lakshmi
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users